Posted by kdawson on Thursday February 15, 2007 @08:26AM from the fun-and-games dept.

paulbiz writes "Charter Cable's DNS servers have just started resolving all invalid hostnames and pointing them to their own error page. The About page states: 'This service automatically eliminates many of the error pages you may encounter as you surf the web. No software was installed on your computer for this service to work.' It has an 'opt-out' page, but when you use it Charter simply sets a cookie that makes their page redirect errors to Microsoft Live Search instead!" One more reason to use OpenDNS, where you can actually opt out of the custom error page.

That's precisely the reason why I run my own resolver. Also, if I were a customer of those morons, they would get a nice letter demanding to restore their service to proper working or else they'd get no more money.

I run my own resolver, too. In fact everyone runs their own resolver. The resolver is the bit of the DNS infrastructure that runs on client machines and is responsible for performing lookups. Every computer that can access the Internet tubes has a resolver on it.

Every computer that can access the Internet tubes has a resolver on it.

Not true! When I got my sun3/260 (long since gone, although I did upgrade it to a 4/260 while I still had it) I installed SunOS 4.1.1 on it, as it was the latest and greatest that you could even get on there. It came with TCP/IP but the resolver was not linked in! I actually had to link the DNS resolver into libc (IIRC) before I could use DNS. But I could still access things by IP, and actually did so.

Blocking outbound connections? They might block inbound DNS connections to PCs on dynamic addresses in order to prevent trojaned machines from acting as DNS servers for spam sites, but blocking outbound port 53 is just stupid.

If you care about privacy then you will be using PGP, S/MIME or another end-to-end encryption system.

If you really don't trust your ISP to not read your mail then using your own server is not enough--they (or anyone else whose systems your mail goes through) can use something like tcpdump to capture all your mail and other traffic.

I've read about various ISPs doing this from time to time, but have any of them actually stuck around for more than a month or so? The stories are usually followed up by a hasty retraction shortly after the launch.

Charter customers (I pity you): make your voice heard!

Although the recommendation to switch to OpenDNS has the same flaws from what I have read. They, too, redirect unknown domains to their "organic search" page. I'm not sure how trees and cows help your search, but I suppose supporting an open, free DNS system is better than letting Charter continue to rake in money at your expense.

I've read about various ISPs doing this from time to time, but have any of them actually stuck around for more than a month or so?

WideOpenWest has been doing this since at least November, and it's still going on. On the up side, they have a link where you can opt out of it. On the down side, the page has javascript errors in firefox, and when you use it in IE it doesn't seem to do anything (a week later it's still giving their stupid DNS error page).

This particular nastiness Verizon has never tried. Instead, Verizon wastes all of its internet stupidity on anti-spam stuff, including a royally screwed up method of sender callbacks that causes them to be placed on multiple DNS blacklists.

I'm replying to my own post since apparently the mod who didn't like my post just clicked instead of replied. How could my post possibly be redundant since I was the first to bring up that particular topic in this story?

I have Charter (who I hate BTW, I had to switch from Comcast to Charter the last time I moved and am now paying more money for worse service), and am still getting the standard "Page Not Found" screen. Of course, I'm running Firefox on a Mac, so . . .

I also have Charter broadband (and am using Firefox on a MacBook Pro), and it does do the silly redirection for me. It gives you a choice to "opt out", but that can only work for www browsers, since it relies on cookies. So, any other apps making network connections are subject to their redirections.

I hope there will be enough customer pushback to get this reversed. But, I'm not sure there will be. Most users won't realize what's happening. And, I personally don't have any other broadband options.. it's

Well... It's Charter's network, so I guess they can do what they want, eh?

That depends on how they are selling it. Would that argument hold up if they were blocking http traffic from comcast.com, verizon.com, etc?

Accurate DNS would probably be an assumed necessity for consumer-level "internet access". If they are actively and intentionally shipping bogus DNS info, there could be some opportunity for lawyers to get some billable hours in.

Well... It's Charter's network, so I guess they can do what they want, eh?

They can do what they want after they've dropped out of the exclusive franchising agreement they have with my city. Until then, they enjoy government protection from market competition, and they should be subject to strict oversight to prevent them from taking advantage of their monopoly entitlement to harm consumers.

I quit using it months ago. Every time I had to go to their DNS to do a lookup I didn't have cached, the first lookup would timeout every single time. The second lookup would only work about 50%. Last time I checked, they were just as bad as ever. I've pointed several friends to OpenDNS and they were all amazed at the difference. Charter's customer server is horrendous and the only reason they have a market lead in this area is because they have exclusive service in so many apartments and subdivisions.

Same thing happened with Sprint and their DSL. I believe they use Earthlink if I remember right. At least from the Raleigh area in North Carolina their DNS was incredibly slow/timed out. Switched to OpenDNS and have had no problems ever since.

Every customer we set up I add openDNS as the secondary DNS in their router which acts as their DNS server. Granted you can only do this with a decent router or in our case the buffalo router with DD-WRT installed. (every customer has a DD-WRT router as we will only work with our router and not anyone else's)

Comcast is notorious for having their DNS dead and by us adding in a secondary DNS that is not ISP locked it gives them more days without problems than their neighbors.

Any geek that is not running a dd-WRT or a OpenWRT router at home is missing out.

Of course, if you're running your own BIND server on your NATted network, which forwards non-local queries to the upstream DNSs, you can use something like what ISC recommends in case of SiteFinder. In /etc/named.conf:

"If you have your own DNS..." there is no need for it to forward to your ISP's DNS at all, it can talk to the roots (that's what named.root is about) directly, and follow delegations from there. And yes, delegation-only is a good thing, but in that case, it's only relevant (or needed) to counteract stuff Verisign/Netsol puts in the TLD zones themselves.

Your DNS resolution performance will suffer, however. Unless your DNS server is resolving a ridiculous amount of names all the time, your cache is going to be mostly empty, which means every name not in the cache is going to require hitting up other servers to get it resolved. You can either forward those requests to your ISP's (nearby) DNS server, and get the benefits of their cache (which probably is resolving a ridiculous amount of names on behalf of all of its other customers), or resolve it yourself,

Yeah, but for the most part you probably hit the same sites over and over, so the hit won't be that bad. Not as bad as having your usage hijacked by your ISP. When DNS fails to resolve, many browsers decide not to clutter your history with the bogus URL. Now if everything "successfully" resolves to some craptacular (Comcastic?) filler page that particular excellent feature will be useless. Nothing like helping your users by turning valid error messages into artificial successes... At least it will cut back o

I've run my own recursive server that does not forward to ISPs for about 10 years, and I too do not have a "problem" with slow resolution. However, I wasn't talking about slow resolution, I was talking about slower resolution than the alternative. It might seem peppy for you either way, but some people notice fractions of a second when they're trying to pull up a web page. If the resolution speed doesn't bother you, then don't worry about it, but if it might be a factor for you, try it with and without f

My guess is that direct query of my ISP's nameservers would be better than using my local nameserver with theirs specified as a forwarder, since it would eliminate the transactional latency of my own nameserver.

OpenDNS makes money by offering clearly labeled advertisements alongside organic search results when the domain entered is not valid and not a typo we can fix. OpenDNS will provide additional services on top of its enhanced DNS service, and some of them may cost money. Speedy, reliable DNS will always be free.

So I can pay Charter $40 a month for cable internet and then switch to OpenDNS which has the same broken DNS setup as Charter, but its different because I'm not paying OpenDNS to do the same thing Charter is?

No, DNS is understood to be an integral part of the services provided by an ISP. Its cost has always been included in your monthly fee. It's highly unlikely that any ISP is going to drop monthly rates because of this ad revenue, so this action is essentially just another rate hike. Nothing about your

Isn't there some sort of DNS standard that prevents this type of situation? There are applications out there that depend on getting reliable errors back from DNS. With such pages, DNS will always return an IP, even if none is registered. Sitefinder-like DNS breaks applications. It's becoming increasingly clear that, in order to protect the internet from the greedy hands of corporations, we need to adopt their tactics; patent the DNS standard and trademark the "DNS" label, so nobody can mangle it and still cl

Come on, you can do better.
Take for example the GNU-tools who spread on most Unices because they were _better_ than their CS-counterparts.

The GNU toolchain (or userland, I can't tell which you're talking about, but this applies equally well) is an example of evolution, not revolution. First they implemented precisely the same functionality as the programs they were replacing. Then they added more functionality, and became the dominant force. However, las

You are completely ignoring infrastructure, such as DNS itself, which is entirely designed as FOSS and "copied" by MS and Apple. But I can give you that, as most people do not even think about it as "software". Certainly I agree that FOSS things that resemble boxed software are copies. But your cheap shot that the reason is that the writers want it for "free" is obviously bogus.

It is plenty obvious that about 80% of the desire to copy commercial software is to make a version that works on Linux.

As opposed to the commercial software industry, which you can hardly STOP from innovating...

Give me a break. 99% of software out there was copied from something else, with trivial improvements, be it commercial, or Open Source. Or did you think Microsoft invented the Word Processor, and Spreadsheet?

IMHO, at the end of the day, OSS is innovating much more than the commercial software industry. Copying of ideas goes both ways.

to your named.conf file to allow only the "correct" servers to respond.

As far as copyright/patent/trademarking that is what the Free Software Foundation and the GNU project try to do. MS does this too, AD is part of their process of "embracing and extending" "core internet protocols" (see the Halloween documents). DNS is tightly integrated in AD and

Trouble is, no one knows what DNS is. We'd need to trademark words like "Internet" and "World Wide Web" and related terms that people understand. That way, no one could legally claim to have a website if it required Flash to run, and no one could legally claim to be an ISP unless they provided, at the bare minimum, DHCP and normal, functioning DNS.

Unfortunately, it's a pipe dream. These words are pretty much public domain now, and the public has an understanding of it. I bet you could still make a court case

I've been looking at different alternatives to the standard root servers and didn't like OpenDNS either as they also change DNS replies. My search ended with ORSN [orsn.net], a European "backup" of ICANN servers. This way I shouldn't be affected by attacks and outages on ICANN servers.

That's exactly what I did and what everybody who complains about ICANN should be doing too. Besides, ORSN's servers are quite fast: the *real* reason why I ditched my ISP's DNS servers was that they took forever to answer and THEN proceeded to show you ads to boot. Needless to say, I require to know whether the host I *actually want to connect to* is up, down or feeling sick, not their ad servers.

I have Charter, and this annoys me to no end. I simply added www11.charter.net (the website they're currently redirecting me to) to my hosts file, so I get an "Unable to connect" message. It's not perfect, but it at least gives me a somewhat meaningful error.

I talked to their tech support a few days ago about this shadiness. He had no idea this was going on, and rightfully thought it was a malware/spyware problem at first, until I explained a little more clearly what was going on, and he did some poking around and found other blog and forum posts about this. He seemed somewhat surprised that Charter would engage in such a practice and that no one had been told about it.

He was talking with level 2 support while he was on with me and said that they just kept telling him it was probably malware/spyware. Hilarious that they at least see it that way too, but sad that their company pulls this shit on them without telling anyone first. I asked him for a followup, he said he'd pass it along to level 2, I gave him my email address, and that was that. I don't exactly expect to ever hear back from them, so I'll probably have to make a stink at a city Cable Board meeting to get any response.

In the meantime, I hope other folks out there start repeatedly and publicly asking Charter:

- Were they ever going to make an announcement/disclosure to allow customers to opt-out, or at least tell their staff about it?
- Will they provide options for customers who don't allow or regularly clear cookies, such as a non-redirecting DNS?
- Why were they pointing people towards http://optin.charter.net/ [charter.net] , which doesn't exist?
- How much information do they gather about visitors to their link farm?
- Is there a third-party involved providing Charter the redirect (like Barefruit did for Earthlink?)
- How much money are they making from their link farm affiliates?
- Most importantly, do we have any guarantees that they aren't redirecting or degrading other network traffic?

In the meantime, I've switched my DNS over to Level3 (4.2.2.2 and 4.2.2.3).

The funny part of this argument is this service and others like it actually improves your DNS performance. Normally when a DNS lookup fails, the client will retry before giving up and displaying page not found.

What? WHAT? You are absolutely insane.

For correct operation, software depends on getting accurate responses back from DNS queries. If you get back a response from this service, instead of getting an error, you get the wrong webpage. This is absolutely unacceptable behavior and in violation of the ap

I noticed this last night, called to complain about it, and spent over an hour on the phone with their tech support. First I had to convince them it was really happening and it was a change to their DNS, it wasn't some browser setting I had "accidentally" changed. So they apparently made this change without letting their 1st and 2nd level support know about it.

Then once I got high enough, they tried to weasel out of it with their lame opt-out solution, which even if it worked wouldn't help when I'm making non-browser-based connections. So I guess they want all of my typo'd telnet, ssh, ftp and ping commands to hit their search server instead?

At the end, I asked to be transferred to account services to cancel (gosh I hope Bell doesn't pull the same shit in a month), and the admittedly very understanding engineer begged for a day to look into a way to completely remove the feature from my account. So I'll be calling back tonight.

Comcast rents you a wireless router but they install some firmware that doesn't allow you to use all functionality. I think there is no way to put openDNS on those? I didn't see any menu that said "DNS" or similar...

I'm not surprised ISPs are doing this. More will be doing this. What does surprise me is how ISPs try to do this silently and behind closed-door without informing their customers, or even their tech support in some cases.

Think about it this way: Any change an ISP makes that results in 1% (or more) of their customer base calling in for technical support is a cost nightmare. Customer Service is a (*the*) major cost center for ISPs. I guess we have to imagine that they are making more money than the pain of doing the customer service is costing them.

The other thing that surprises me (and obviously I'm biased since I run OpenDNS) is that the search results page linked above is 100% ad-driven. There are no organic search results for my typo (as far as I can tell). Moreover, when I click on a category to "refine" my results they totally remove the typo'd domain that I had there in the first place instead just giving me generic ads for a category (which is a mediocre CPC on their side) and a crappy search experience on the user side. There is absolutely no user-benefit to what Charter has done here.

I'm proud to say that our page [opendns.com] is getting better and better every single day. Compare [opendns.com] and contrast [charter.net]. Not only that, but we're driving more and more innovation in both user navigation and fundamental DNS operations. These things go hand in hand. Fundamentally the DNS is about navigation. It's about helping users get where they are trying to go. That's exactly what we intend to help our users do. We know that the changes we have made to how our DNS servers operate aren't for every user which is why we are so clear about how our system works and is why we make sure we can manage account settings on a per IP basis (CIDR-style preferences down to /32's).

Just how does a DNS error page work? Is this a specially crafted UDP packet on port 53? Don't think I've seen one of them. Returning the IP of a charter http server instead of NXDOMAIN for non resolvable domains is NOT a DNS error page (FFS). And that's the problem, it's DNS and it should return a DNS error. TCP/IP is not the intraweb. HTML infomercials don't help one iota when you've mistyped a hostname into anything other than a web browser, whereas NXDOMAIN does.

This is definitely right. More importantly, will this intercept (and reply with their "special IP" to) requests for records of type MX? How about SRV? Or TXT? If it DOES, we're looking at serious problems with mail servers thinking sites exist but with SMTP down (and therefore causing Transient, "will retry later" errors, rather than permanent, "domain doesn't exist, nope, not trying again" errors)
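Added example (not part of any comment in this thread): one way to check whether a resolver returns NXDOMAIN for names that cannot exist or synthesizes an address instead, as the comments above describe. The function names, the random-label probe scheme and the 192.0.2.80 sample address are assumptions made for this illustration.

```python
import secrets
import socket
import struct

NOERROR, NXDOMAIN = 0, 3
TYPE_A = 1

def build_query(name, qtype=TYPE_A, txid=None):
    """Encode a recursive (RD=1) DNS query for `name` in wire format."""
    txid = secrets.randbits(16) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:        # compression pointer is 2 bytes
            return off + 2
        off += 1 + length

def parse_response(msg):
    """Return (rcode, IPv4 addresses from A records in the answer section)."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4   # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_A and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return flags & 0x000F, addrs

def classify(replies):
    """replies: raw responses to queries for random, never-registered names."""
    parsed = [parse_response(r) for r in replies]
    if not parsed:
        return "inconclusive", set()
    if all(rcode == NXDOMAIN for rcode, _ in parsed):
        return "honest", set()
    landing = {a for rcode, addrs in parsed if rcode == NOERROR for a in addrs}
    return ("rewriting" if landing else "inconclusive"), landing

def probe(resolver_ip, tld="com", count=3, timeout=3.0):
    """Live check: ask `resolver_ip` for `count` random names under `tld`."""
    replies = []
    for _ in range(count):
        query = build_query(f"{secrets.token_hex(12)}.{tld}")
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (resolver_ip, 53))
            reply, _ = s.recvfrom(4096)
        if reply[:2] == query[:2]:       # transaction ID must match
            replies.append(reply)
    return classify(replies)

def constructed_reply(query, rcode, addr=None):
    """Build a sample reply to `query` (constructed test data, not a capture)."""
    flags = 0x8180 | rcode               # QR=1, RD=1, RA=1
    header = query[:2] + struct.pack("!HHHHH", flags, 1, 1 if addr else 0, 0, 0)
    answer = b""
    if addr:                             # name pointer to offset 12, TTL 60
        answer = (b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, 1, 60, 4)
                  + socket.inet_aton(addr))
    return header + query[12:] + answer
```

A "rewriting" result only says that something on the path to that resolver answers for names that do not exist; passing a different `qtype` to `build_query` extends the same check to the MX question raised above.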

Just because it says "open" at the front it's better? What makes it open? It looks closed to me. It's run as a for profit company, and if you want any control over it you have to give them personal data.

Just checked with a client who lives in Saginaw. Using default DHCP settings which presumably point to Charter's DNS servers, we just get normal dns lookup errors. Now, Charter does know they are using Macs, and I noticed the www11.charter.com webpage that others here have cited on slashdot currently seems designed to look like a PC error page so is it possible they are doing this on limited basis? Who knows. I had not heard that ISPs are starting to do this... If so we'll have to do some investigation. We

In my area at least, Charter rolled out this bullshit on the same day they announced a rate hike. They want you to pay more for this "service".

The most damning part is that "opting-out" just forwards you to "Windows Live" instead, which is obviously an attempt to pretend that they aren't doing what they're doing by doing what Internet Explorer would do anyway. Fuck you, Charter.

Do you use your Internet connection for anything other than HTTP? If so, this 'service' could break things for you. If you use FTP, for example, and typo a hostname then instead of getting a 'server not found' error, you will get a 'connection refused' error. This will make it look like the host is up, but the FTP server is broken.

The same is true of pings. If you ping a non-existent host, then instead of being told 'this host does not exist,' you will get ping returns from their server.

This can potentially break a lot of things. On the plus side, since the ISP is now directly manipulating the data flowing over your Internet connection (and violating a few RFCs), it can no longer claim to be a common carrier and is therefore liable for all copyright infringement committed by its subscribers.

1. Non-Telco-ISPs and cable companies are not, and never have been, Common Carriers
2. Non-Telco-ISPs and cable companies DO NOT WANT TO BE common carriers.
3. ISPs are protected by the Good Samaritan provisions of the Communications Decency Act. THIS is what protects them from liability, NOT common carrier status.

If you think that's bad, see what my isp (netcabo, Portugal) is doing:

Every now and then when they want to send me a message (e.g. to tell me about "special offers" or whatever), they intercept one of my http requests and reply with a redirect to a page on their website, with the oh-so-important message and a link to the page I had asked for.

Needless to say that scripts that automatically parse web pages get confused.

If you think that's bad, see what my isp (netcabo, Portugal) is doing:

Every now and then when they want to send me a message (e.g. to tell me about "special offers" or whatever), they intercept one of my http requests and reply with a redirect to a page on their website, with the oh-so-important message and a link to the page I had asked for.

Needless to say that scripts that automatically parse web pages get confused.

It also means your ISP has some equipment capable of hijacking TCP connections,
a.k.

Not receiving correct DNS error pages is a problem for those that wish to resolve domains.

But to me it's more simple than that. It means misleading the consumer of the cable service. 'The website does not exist' is being changed to 'we're not being up-front that there was a typo, misdirected link, etc, we're going to show you adverts instead'.

The Site Finder-like service further reduces the web from a meritocratic system of links and content, to a mess of adverts.

I guess I wonder what exactly you should demand out of Charter when a person emails them complaining about something like this. I noticed this page yesterday when I typed a domain name wrong. I was like 'WTF?', but I don't guess I know exactly how to respond to them.

Don't email them, call them. Emailing them, they can just ignore that, drop you into a mailbox and reply to hundreds of people with a form letter at once. Calling them costs them money. This is the only stimulus to which corporations respond: p

Recently my bad registrar forgot to tell the TLD registry to renew my domain (even though I paid them months in advance). I knew immediately when the domain had been dropped because things weren't resolving on it.

So, I contacted my registrar (that decided to spend two days to do nothing on it), only to see that within the first few hours, the domain had been grabbed and it was some weird scamming thing that wanted me to offer an amount of money to buy it.